143864 2015-04-16 22:18:23 -0700 contentWidth can become negative with nested scrollbars 2022-12-16 18:20:06 -0800 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) Unspecified Unspecified NEW P2 Normal --- 1 bjonesbe webkit-unassigned ahmad.saleem792 rwlbuis simon.fraser zalan oldest_to_newest 1086251 0 251004 bjonesbe 2015-04-16 22:18:23 -0700 Created attachment 251004 Test case This was originally reported in Blink: https://code.google.com/p/chromium/issues/detail?id=450598 This shows up when a percentage shape margin is specified, since the shape margin is computed based on the width of the containing block, and there's an assert that this computation should always return a positive number, WebKit stack: ASSERTION FAILED: shapeMargin() >= 0 /Users/bemjb/Code/WebKit/Source/WebCore/rendering/shapes/RectangleShape.cpp(45) : WebCore::FloatRect WebCore::RectangleShape::shapeMarginBounds() const 1 0x111f23d00 WTFCrash 2 0x114cba5ff WebCore::RectangleShape::shapeMarginBounds() const 3 0x114cbad81 WebCore::RectangleShape::shapeMarginLogicalBoundingBox() const 4 0x1137830dc WebCore::Shape::lineOverlapsShapeMarginBounds(WebCore::LayoutUnit, WebCore::LayoutUnit) const 5 0x1151ca0ac WebCore::ShapeOutsideInfo::computeDeltasForContainingBlockLine(WebCore::RenderBlockFlow const&, WebCore::FloatingObject const&, WebCore::LayoutUnit, WebCore::LayoutUnit) 6 0x1149f74af WebCore::LineWidth::shrinkAvailableWidthForNewFloatIfNeeded(WebCore::FloatingObject*) 7 0x114d23b08 WebCore::RenderBlockFlow::positionNewFloatOnLine(WebCore::FloatingObject*, WebCore::FloatingObject*, WebCore::LineInfo&, WebCore::LineWidth&) 8 0x1149db938 WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&) 9 0x1149dbb80 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) 10 0x114d1e4af WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) 11 0x114d1d291 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) 12 0x114d21ad0 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 13 0x114cfa382 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 14 0x114cf93c8 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 15 0x114cc57c9 WebCore::RenderBlock::layout() 16 0x114cfcbf3 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 17 0x114cfa5e6 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 18 0x114cf93eb WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 19 0x114cc57c9 WebCore::RenderBlock::layout() 20 0x114cfcbf3 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 21 0x114cfa5e6 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 22 0x114cf93eb WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 23 0x114cc57c9 WebCore::RenderBlock::layout() 24 0x114fefddd WebCore::RenderView::layoutContent(WebCore::LayoutState const&) 25 0x114ff0c3a WebCore::RenderView::layout() 26 0x113eb6bf9 WebCore::FrameView::layout(bool) 27 0x113b16990 WebCore::Document::implicitClose() 28 0x113e806ab WebCore::FrameLoader::checkCallImplicitClose() 29 0x113e8037e WebCore::FrameLoader::checkCompleted() 30 0x113e7ee82 WebCore::FrameLoader::finishedParsing() 31 0x113b23dd3 WebCore::Document::finishedParsing() 1909670 1 ahmad.saleem792 2022-11-01 17:00:57 -0700 This comment seems to mention that it was Blink specific: https://bugs.chromium.org/p/chromium/issues/detail?id=450598#c3 This commit was pushed to fix issue in Blink: https://src.chromium.org/viewvc/blink?view=revision&revision=194638 and Webkit has similar code here: https://github.com/WebKit/WebKit/blob/0d7afc5a45c140c44497a81e92416f01306be877/Source/WebCore/rendering/shapes/ShapeOutsideInfo.cpp#L172 and I am not super sure, whether we need to do anything or not but appreciate if someone else can comment, it would be great. Thanks! 1920160 2 ahmad.saleem792 2022-12-16 18:20:06 -0800 Or this could be fix - https://chromium.googlesource.com/chromium/blink/+/2ab65b30003b20c2ca2828a2da1fd2cad8809f0c & https://github.com/WebKit/WebKit/blob/b357325af732916368c76dd65082e0e389bfb93c/Source/WebCore/rendering/style/RenderStyle.cpp#L2026 251004 2015-04-16 22:18:23 -0700 2015-04-16 22:18:23 -0700 Test case shape-outside-negative-block-width.html text/html 458 bjonesbe PCFET0NUWVBFIGh0bWw+CjxzdHlsZT4KYm9keTo6LXdlYmtpdC1zY3JvbGxiYXIgewogICAgLyog T3ZlcnJpZGUgdGhlIGRlZmF1bHQgaGlkZGVuIHNjcm9sbGJhcnMgb24gT1MgWC4gKi8KICAgIC13 ZWJraXQtYXBwZWFyYW5jZTogbm9uZTsKfQpodG1sLCBib2R5IHsKICAgIHdpZHRoOiAwLjglOwog ICAgb3ZlcmZsb3cteTogc2Nyb2xsOwp9CgpkaXYgewogICAgLXdlYmtpdC1zaGFwZS1tYXJnaW46 IDUwJTsKICAgIC13ZWJraXQtc2hhcGUtb3V0c2lkZTogY2lyY2xlKCk7CiAgICBmbG9hdDogbGVm dDsKfQo8L3N0eWxlPgo8Ym9keT4KICAgIDxkaXY+VGVzdCBwYXNzZXMgaWYgaXQgZG9lcyBub3Qg Y3Jhc2guPC9kaXY+CiAgICA8ZGl2PjwvZGl2Pgo8L2JvZHk+CjxzY3JpcHQ+CiAgICBpZiAod2lu ZG93LnRlc3RSdW5uZXIpCiAgICAgICAgdGVzdFJ1bm5lci5kdW1wQXNUZXh0KCk7Cjwvc2NyaXB0 Pgo=